Description
================
An absolute path traversal vulnerability in Font 7.5 allows WordPress admins read access to system files such as /etc/passwd. Font is a WordPress plugin with over 40,000 active installs.

Vulnerability
================
The vulnerability is due to the unsanitized POST parameter 'url' being passed to file_get_contents() via file_get_contents2().